DDoS Attacks Are Coming Back to School

September 22, 2016 Ben Fischer


It is that time of year when kids of all ages are heading back to school, with fresh, unwrapped school supplies in their backpacks alongside their smartphones, tablets, and laptops. Teachers and school administrators are busy preparing for their incoming class of students: entering student data, setting up distribution lists, updating their syllabuses, and setting up their grading systems, among the many things our teachers do for our children. Hard at work behind the scenes are the computers, networks, servers, applications, and cloud infrastructure that support all of the applications that our teachers, administrators, and students depend upon throughout the school year. While all of these various technologies have enabled a modern teaching and learning experience and provided efficiencies to our school systems, their availability is underappreciated. As we have come to rely on these technologies more, their availability has grown in importance as well.

Traditionally we think of the availability of our school in terms of the building(s) being open or closed, such as closed for a snow day or, worse, for a natural disaster. But what happens when one piece of IT infrastructure that is used every day in our schools does not work? What happens if there is no internet access? Cloud-based solutions are not helpful, unless classes are moved to the local coffee shop, but only so many students can fit through the doors. What happens if the server hosting exams or grades goes down during finals? Do students get sent home indefinitely until the problem is fixed?

One of the widest-ranging threats to an educational institution’s information infrastructure today is the Distributed Denial of Service (DDoS) attack. These attacks are very common on the networks of our colleges and universities and are increasingly being seen at high schools across America.

Attack Target Graph

While students instigate these attacks for all imaginable reasons, they are also frequently targets themselves. The two most commonly seen DDoS attacks in our educational institutions are students:

  1. Attacking their own school to delay their final exams that they have not properly prepared for;
  2. Attacking either gaming servers or other gamers to gain an advantage within the game they are playing in competition with other gamers.

While there is no DDoS 101 class, DDoS attacks are unfortunately as cheap as $5 (USD) and simple to execute, even for the most novice user. Sadly, this is a global phenomenon, and not isolated to any single geography.

At Arbor we have worked with educational institutions to implement comprehensive solutions to protect against DDoS attacks, including a group of state and regional educational organizations with a combined network that supports more than 1.4 million students and school internet access. The network provides access to high-stakes online testing, such as PARCC, AIR, and MAP, and supports integrated Education Management Information Systems with student data reporting, student information systems, and state fiscal software applications.

The shared network was experiencing an increasing number of DDoS attacks – 28 attacks in 28 days were reported at one time. Adding to the issue, not all the attacks throughout the network were detected or reported. Administrators were aware of “low and slow” DDoS tactics, which target applications with lower volumes of traffic and were very difficult to identify.

Now with Arbor’s DDoS Protection Solution, every participating organization using the statewide network enjoys multilayer DDoS defense: always-on, in-line protection from inbound DDoS attacks through an on-premise Availability Protection System (APS) that can also stop outbound activity from compromised hosts, and up to 2 Tbps of on-demand mitigation capacity from Arbor Cloud’s global, cloud-based scrubbing centers. In fact, one of the strengths of the comprehensive Arbor DDoS solution is the seamless integration between the scalable Arbor Cloud DDoS protection service and Arbor’s on-premise APS. If an APS detects a volumetric DDoS attack that may overwhelm the organization, the APS can automatically redirect traffic to the fully managed Arbor Cloud DDoS protection service. This Cloud Signaling feature is unique to Arbor’s DDoS Protection Solution.

Since deploying Arbor’s DDoS Protection Solution, state and regional educational organizations have experienced a reduction in DDoS attacks and faster mitigation. They have effectively removed the threat of botnets, and set connection limits on application servers to prevent “unintentional” DDoS. They were also pleasantly surprised to recover 5-6 percent of inbound bandwidth and reduce their average firewall utilization.

School is back in session and DDoS attacks are sure to follow. Our schools are bastions of learning for our younger generations and their technology needs to be protected in order to ensure their missions of education and research are achieved.

The post DDoS Attacks Are Coming Back to School appeared first on Arbor Insights - Our people, products and ideas.
